From e232c50c9e429b53005873a28ddeb549a7bcf959 Mon Sep 17 00:00:00 2001 From: Friendika Date: Thu, 6 Oct 2011 00:26:25 -0700 Subject: [PATCH] check author url to see if it matches current contact before relay is accepted --- mod/dfrn_notify.php | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php index 01bb9119ed..19a2fa61ca 100644 --- a/mod/dfrn_notify.php +++ b/mod/dfrn_notify.php @@ -462,10 +462,18 @@ function dfrn_notify_post(&$a) { ); if($r && count($r)) { + logger('dfrn_notify: received remote comment'); $is_like = false; // remote reply to our post. Import and then notify everybody else. $datarray = get_atom_elements($feed,$item); + + if(! link_compare($datarray['author-link'],$importer['url'])) { + logger('dfrn_notify: received relay claiming to be from ' . $importer['url'] . ' however comment author url is ' . $datarray['author-link'] ); + // they won't know what to do so don't report an error. Just quietly die. + xml_status(0); + } + $datarray['type'] = 'remote-comment'; $datarray['wall'] = 1; $datarray['parent-uri'] = $parent_uri;
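Review bot: The mismatch branch writes `$datarray['author-link']` into the log exactly as it arrived in the remote feed, so a sender whose relay is rejected can still place line breaks or control characters in the log entry that records the rejection. Strip those before logging, e.g. `$claimed = preg_replace('/[\x00-\x1f\x7f]/', '', (string) $datarray['author-link']);`, and log `$claimed` instead. The branch also has no exit of its own and, judging by the "quietly die" comment, relies on `xml_status(0)` to end the request. That helper is not visible here, so a `return;` right after the call would stop a spoofed comment from falling through to the import below if the helper ever returns. dfrn_notify_post() starts and ends outside this hunk.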